RAR files that we upload are wrong !!

Hello Gurus,

Good Morning !!

We are currently implementing GRC AC 10 and have configured RAR by uploading the 9 files e.g. rule set, business process etc

When we performed RAR , we found that there were about 80 roles which had SOD violations.

So we started the cleanup activity .

We found a role which had the RISK ID : F028

Now this risk contains two functions : AP02 & GL01

Going forward we found out that both the functions contained common transaction(F-02) !!

So what we did was created two roles ,

ROLE A containing only function AP02

ROLE B containing only function GL01

Then we performed Risk Analysis and to our surprise there were RISK detected for individual function !!

How is that possible !! That an individual function contain SOD risk !!

Does that mean that files provided by SAP to be uploaded are completely wrong ??

Please note we were using the same files that were available for GRC 5.3.

Will anyone check if you are getting the same issue ??

Regards,

Victor